Atos|Syntel Human Resources Privacy Statement

Last Updated: March 15, 2021

Privacy Statement Overview Atos|Syntel is committed to protecting your privacy. This Privacy Statement ("Statement") addresses prospective, current, and former employees of Atos|Syntel, and explains how we use and protect your personal data in our human resources systems throughout the course of your employment relationship with Atos|Syntel. In this context, this Statement applies to any personal data you provide to Atos|Syntel, as well as any personal data about you that we collect from other sources.

Throughout this Statement, "Atos Syntel" (as well as “we”, “us”, or “our”) refers to Atos Syntel Inc. and its subsidiaries and affiliates (including sister Syntel companies but excluding parent companies) worldwide.

VeraSafe Privacy Program Atos Syntel Inc. is a member of the VeraSafe Privacy Program, meaning that with respect to personal data processed in the scope of this Statement, VeraSafe has assessed Atos|Syntel Inc.’s data governance and data security for compliance with the VeraSafe Privacy Program Certification Criteria. The certification criteria require that participants maintain a high standard for data privacy and implement specific best practices pertaining to notice, onward transfer, choice, access, data security, data quality, recourse, and enforcement. Controllership In the context of this Statement, 1) your employer (or the entity you’re applying to work for, respectively), 2) that entity’s parent entities within the scope of this Statement, and 3) Syntel Private Limited (India) act as the data controllers for your personal data they process. Basis of Processing Within the scope of this Statement, we process personal data on the basis of: (1) your consent, (2) the need to perform our obligations under an employment contract we have entered into with you, or to perform related pre-contractual duties at your request, and (3) the necessity to comply with our legal obligations, (such as to share certain personal data with tax authorities). Where none of those bases is applicable, Atos|Syntel processes your personal data on the basis of our legitimate interests, such as the need to facilitate communication between Atos|Syntel’s multinational group of companies. Where we process your personal data based on your consent, you may withdraw it at any time. However, this will not affect the lawfulness of our processing before you withdrew your consent. It will also not affect processing performed on other lawful grounds. Where we receive your personal data for the purpose of entering into a contract with you, we require such personal data to be able to carry out the contract. Without that necessary personal data, we will not be able to perform our obligations under our contract with you.

Page 1 of 9

What Type of Information Does Atos|Syntel Collect? If you take part in Atos|Syntel recruitment (which does not include employees, temporary workers or other personnel of Atos|Syntel), we typically process the following types of personal data about you:

• biographical information (such as name, date of birth, gender, occupation, marital status, race, ethnicity, country of residence, and national insurance number, or equivalent);

• contact information (such as email address, postal address, permanent address, mailing address, and/or telephone number);

• professional information (such as experience, technical skills, professional performance records, including ratings and awards, background-verification-related information, such as records of criminal offences, professional membership, references, and proof of eligibility to work in the local jurisdiction);

• identification documentation (such as a photocopy of your passport, driving license, ID card or other documentation required by local law. Such copies may include a photograph of your face and shoulders);

• other information provided by you in our recruitment process; and

• details of your visit(s) to our premises.

If you deal with Atos|Syntel in your capacity as an employee, temporary worker, or other personnel member, or if you are a former Atos employee, we may process the following types of personal data about you:

• biographical and personal contact information (such as name, address, date of birth, gender, marital status, race, ethnicity, emergency contact details, country of residence, and national insurance number);

• financial information (such as salary, pension details, and bank/financial details);

• professional information (such as email address, postal address, telephone number, your CV, qualifications, and relevant experience and skills);

• employment information (such as professional membership, trade union membership, job title, employment start and end date, employee ID, compensation and taxation data, social security number, references, and proof of eligibility to work in the local jurisdiction):

• identification documentation (such as a photocopy of your passport, driving license, ID card or other documentation required by local law. Such copies may include a photograph of your face and shoulders);

• travel information (such as frequent flyer number, meal and seat preference);

Page 2 of 9

• HR related records (such as training, performance assessments, absence and time- keeping records, disciplinary, grievance or culpability proceedings, employment tribunal applications, complaints, accidents, and incident details and results of background checks);

• details of your access to our premises and to systems, software, and applications – including access and location data, communications data, and video recordings;

• information related to health (e.g., in the context of pre-employment health screening);

• offenses (including alleged offenses), criminal proceedings, outcomes and sentences;

• information related to workers compensation insurance; and

• information related to employee benefit programs.

When you provide us with this personal data, you understand and give your explicit consent that we may collect, use, and disclose this information to appropriate third parties for the purposes described in this Statement. Such personal data may include sensitive personal data. We may also store emails, and application and Internet logs in connection with your dealings with us.

In certain circumstances it may be mandatory for you to provide us with your personal data to enable us to perform our obligations pursuant to an employment contract or other agreement entered into between you and us, or to comply with our legal obligations. In other circumstances, it will be at your discretion whether or not you provide us with personal data. However, failure to supply any of the personal data we request may mean that we are unable to maintain or provide services to you and/or that you may be unable to take part in any of our recruitment campaigns, or fully access and use our internal systems and resources.

Atos|Syntel makes reasonable efforts to maintain the accuracy and completeness of your personal data that it stores and to ensure that all of your personal data is up to date. However, you can assist us with this considerably by promptly contacting us if there are any changes to your personal data or if you become aware that we have inaccurate personal data relating to you. For more information, please see section “Your rights in relation to the personal data we collect” below. Atos|Syntel shall not be responsible for any losses arising from any inaccurate, inauthentic, deficient, or incomplete personal data or sensitive personal data that you provide to us.

How We Collect Your Personal Data Atos|Syntel usually collects your personal data during the course of your, or your employer’s, relationship with us. This will typically be through the forms and documents used when you sign up on our websites, take part in a recruitment campaign as a prospective candidate, or when you become an employee, contractor, temporary worker or other personnel member.

Additionally, your personal data will be collected during employee performance assessments and reviews, as described below in the section “What we use your personal data for” below. We may also receive your personal data from your previous employer. We will also collect personal

Page 3 of 9 data when we monitor or record communications such as when you use Atos-Syntel-hosted technology, including the PeopleSoft HRMS. Please also note that Atos|Syntel facilities are monitored, including by CCTV surveillance.

What We Use Your Personal Data for Atos|Syntel and/or persons acting on our behalf may process your personal data for any of the following purposes, depending on the capacity in which you deal with Atos|Syntel:

• to ensure the content on applications is presented in the most effective manner for you;

• for application management and application tracking purposes;

• for general HR administration, including payroll and benefits management, training and development, performance management, health, sickness and absence management, attendance tracking, arranging insurance for employees and dependents, travel request management, grievance and disciplinary procedures, equal opportunities monitoring, business continuity planning, and sending compensation change letters;

• maintaining a repository for employees’ documents, including documents submitted by employees;

• generating, using, and terminating employee IDs;

• maintaining service desk records;

• for internal financial management, including personnel expense reimbursement, travel and time-keeping;

• for monitoring and assessing compliance with Atos|Syntel’s policies and standards, and general risk management;

• for our promotional and marketing materials (including photos and videos) and activities;

• to facilitate self-help services, such as changing forgotten passwords;

• to evaluate and generate employees’ performance reports, generate headcount reports, and maintain job scorecards;

• to collect information about students from colleges who may be interested in working for Atos|Syntel;

• to solicit employee feedback;

• to carry out financial, money laundering, and credit checks, and for fraud and crime prevention and detection purposes generally, including maintaining repositories containing such information;

Page 4 of 9

• to provide you with requested services;

• to identify persons authorized for a selection process on behalf of our clients;

• for administrative purposes in relation to the security of and access to our systems, premises, platforms and secured websites and applications;

• to send you official communications or to provide you with information in response to requests made by you via messenger services;

• to perform background checks and generally consider your suitability for any of our current or future employment opportunities, as well as to confirm your references and educational background;

• to monitor the Atos|Syntel premises;

• to comply with our legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory, enforcement or exchange bodies; and

• to comply with court orders and exercise and/ or defend our legal rights.

To Whom We May Disclose Your Personal Data Atos|Syntel does not and will not sell, rent or trade your personal data. We will only disclose your personal data in the ways set out in this Statement, including in the following circumstances:

• to any entity within the Atos|Syntel group where we have a legitimate interest in such transfer;

• to third parties who process your personal data on our behalf (such as our IT systems providers, email application providers, employee recruitment providers, payroll providers, health services providers, employee training providers, travel agents, insurance brokers, employee immigration services providers and legal experts, survey development software providers, compensation and benefits services providers, and background verification check providers);

• to third parties operating communication channels or services over which Atos|Syntel provides information in response to your request;

• to third parties who process your personal data on their own behalf for the purpose of providing us or you with a service on behalf of us (such as our industry event organizers, employment law experts, or our employee pensions providers);

• to third parties in the course of offering or providing services to you. For example, settlement agents and HR consultants;

Page 5 of 9

• to other financial institutions or regulatory bodies with whom information is shared for money laundering checks, credit risk reduction and other fraud and crime prevention purposes;

• to any central or local government department and other statutory or public bodies; or

• to Atos|Syntel’s clients for their operational purposes.

When Atos|Syntel transfers your personal data to third parties, those third parties are contractually bound to provide at least the same level of protection for such personal data, as is described in this Statement, and may not use the personal data for any unauthorized purpose. Other Disclosure of Your Personal Data

We may disclose your personal data to the extent required by law, or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials, or private parties). If we have to disclose your personal data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your personal data.

We may also disclose your personal data if we sell or transfer all or some of our company’s business interests, assets, or both, if we assign to a third party any of our rights or obligations, or in connection with a corporate restructuring.

International Transfers of Your Personal Data Atos|Syntel may transfer your personal data across national borders to affiliated entities within the Atos|Syntel group or service providers in other countries working on our behalf in accordance with applicable law. This may include transfers to jurisdictions that may not have data privacy laws providing equivalent protection to the laws in your home country.

Some of these third parties may be located outside of the European Union or the European Economic Area. In some cases, the European Commission may not have determined that the countries’ data protection laws provide a level of protection equivalent to European Union law. We will only transfer your personal data to third parties in these countries when there are appropriate safeguards in place. These may include the European-Commission-approved standard contractual data protection clauses.

Your Rights in Relation to the Personal Data We Collect You may have the right to update or modify any of your personal data that we store, to access a copy of such personal data, or to ask us to limit the processing any of your personal data which we hold, or delete it. You may also have the right to ask that we limit our processing of such personal data, as well as the right to object to our processing of such personal data. You may also have the right to data portability.

You can make a request to exercise such rights by writing to us at the address set out in the “How you can contact us” section below. Subject to applicable law, we will process your request within the time prescribed by applicable law, not exceeding 30 days.

Page 6 of 9

In any of the situations listed above, in order for us to comply with our data security obligations, we may request that you prove your identity by providing us with a copy of a valid means of identification.

You may also be able to view, update, or modify certain elements of your personal data via the HR portal, accessible on our intranet.

Privacy of Children Within the scope of this Statement, we do not process the personal data of children under the age of 13.

How Long We Hold Your Personal Data We will only retain your personal data for as long as necessary to fulfill the purpose(s) for which it was collected or to comply with legal, regulatory or internal policy requirements. However, if you wish to have your personal data removed from our records, you can make such a request by writing to the address set out below. After confirming the validity of the request in light of any legal, regulatory, or internal policy requirements, we will then delete such data.

You may also be able to remove certain elements of your personal data via the HR portal, accessible on our intranet (subject to any legal, regulatory, or internal policy requirements).

How We Protect Your Personal Data and Where We Store It Atos|Syntel is committed to safeguarding and protecting your personal data and maintains reasonable and appropriate technical, physical, and administrative security controls to protect any personal data you provide to us from improper or accidental disclosure, use, access, loss, modification, or damage.

Occasionally, the personal data we collect from you may be processed in (including accessed in or stored in) a country or territory outside your home country, including outside the European Economic Area (“EEA”), which does not offer the same level of protection of personal data as may be enjoyed within your EEA country of residence. By submitting your personal data to us, you agree to this processing.

We will take all steps reasonably necessary to ensure that your personal data is appropriately protected and processed in accordance with applicable law and regulation, as well as with Atos| Syntel’s policies and standards.

How We Update or Change this Privacy Statement We may change or update this Statement in order to maintain our compliance with applicable law and regulation or following an update to our internal practices. We will do this by updating the wording on this webpage and updating the publication date at the top of this page. Please ensure that you regularly check this Statement so you are fully aware of any changes or updates.

How You Can Contact Us If you would like to contact us in relation to this Statement or anything else in connection with your personal data that we process, including, without limitation, where you would like to update

Page 7 of 9 your personal data, would like a copy of your personal data that we process, or would like to raise a complaint or send a comment, please contact us using the details set out below.

In the UK: Email: [email protected] The Human Resources Officer, SYNTEL EUROPE LTD., Second Floor, MidCity Place, 71 High Holborn, London, WC1V6EA, United Kingdom Tel: +44 (O) 207 636 3587 Fax: +44 (O) 207 636 5975

In any other country:

Please contact your normal Human Resource representative and Information Security Team at [email protected], and explain that your communication is in relation to data protection.

On average, we will respond to your data protection complaints/requests in approximately 5 working days. However, it may take up to 30 days depending on the complexity of your complaint/request. European Union Representative We have appointed VeraSafe as our representative in the European Union for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of personal data. To contact VeraSafe, you can use this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative/ or call by telephone at: +420 228 881 031. Alternatively, VeraSafe can be contacted at: VeraSafe Ireland Ltd VeraSafe Czech Republic s.r.o. Unit 3D North Point House Klimentská 46, North Point Business Park Prague 1, New Mallow Road 11002, Cork T23AT2P Czech Republic Ireland

VeraSafe Netherlands BV Keizersgracht 391 A 1016 EJ Amsterdam The Netherlands

Data Protection Officer We have appointed Matthew Joseph of VeraSafe as our Data Protection Officer (DPO). While you may also contact us, our DPO can be contacted on matters related to the processing of personal data. Our DPO’s contact details are: Matthew Joseph

Page 8 of 9

VeraSafe 22 Essex Way #8203 Essex, VT 05451 USA Phone: +1 (617) 398-7069 Email: [email protected]

Regulatory Oversight Atos Syntel Inc. is subject to the investigatory and enforcement powers of the United States Federal Trade Commission. If you are a resident of the European Union, you may have the right to lodge a complaint with a data protection regulator in your European Union Member State.

Page 9 of 9